Note: This is an archival copy of Security Sun Alert 200891 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000679.1.

A Local Unprivileged User May be Able to Cause a Denial of Service (DoS) to Solaris 10 Hosts via the "/net" Mount Point

Category: Security

Category: Availability

Release Phase: Resolved

Product: Solaris 10 Operating System

Bug Id: 6336467

Date of Resolved Release: 19-JUL-2006

Impact

A security vulnerability in Solaris 10 may allow a local unprivileged user to panic the system using the special "/net" mount point (or a similarly configured mount point which uses the "-hosts" special map), creating a Denial of Service (DoS) condition.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

Solaris 10 without patch 118833-11

x86 Platform

Solaris 10 without patch 118855-08

Note: Solaris 8 and Solaris 9 are not impacted by this issue.

This issue only affects systems which have the autofs(4) service enabled and a "-hosts" entry in the "/etc/auto_master" file.
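
One way to check for the "-hosts" condition is to list the mount points in an auto_master-format file that use the "-hosts" special map. This is an added example, not part of the original Sun Alert; the function names `hosts_mounts` and `write_sample` and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): list mount points in an
# auto_master-format file that use the "-hosts" special map.
# hosts_mounts, write_sample and the sample map below are constructed.

hosts_mounts() {
    # $1: map file to scan (defaults to /etc/auto_master)
    awk '
        { sub(/#.*/, "") }                      # drop comments
        /\\[ \t]*$/ {                           # trailing backslash: join with next line
            sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next
        }
        { $0 = buf $0; buf = "" }               # re-split the joined entry into fields
        # Field 1 is the mount point, field 2 the map name. "+auto_master"
        # lines (name-service includes) have one field and are not expanded here.
        NF >= 2 && $2 == "-hosts" { print $1 }
    ' "${1:-/etc/auto_master}"
}

write_sample() {
    # Constructed sample map covering comments, a continuation and a disabled entry.
    cat > "$1" <<'EOF'
# Master map for automounter (constructed sample)
+auto_master
/net        -hosts      -nosuid,nobrowse
/home       auto_home   -nobrowse
/hosts2 \
    -hosts  -nosuid
#/old       -hosts
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Mount points using the -hosts map:"
hosts_mounts "$sample"
rm -f "$sample"
```

On a Solaris 10 host, calling `hosts_mounts` with no argument scans "/etc/auto_master"; entries supplied only through a "+auto_master" name-service include are not visible to this file scan.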

To determine if a system has the autofs(4) service enabled, the svcs(1) command can be used: